Security Settings

NOTE

Applies to: Sana Commerce 9.2.1 and higher

Sana Admin accounts and customers' web store accounts are
password-protected. Sana Commerce policy requires Sana Admin users
and web store customers to use strong passwords. It is critically
important to have a secure and unique password. Moreover, Sana is
protected against brute-force attacks.

Using Security settings in Sana Admin, you can
set up a password security policy and force your users to use only
strong and secure passwords. The security settings are applied to
Sana Admin user accounts and Sana web store customer accounts.

When a user creates an account, instant feedback on the
password strength is shown.

Password strength is a numerically expressed measure of the
effectiveness of a password against guessing or brute-force
attacks. The strength of a password is a function of length,
complexity, and unpredictability.

Different algorithms are used to verify password strength. The
higher the password strength score, the stricter the requirements
for the password, and thus the more secure it will be. Sana accounts
use a scale of 0 to 4:

Throttled online attack - This scenario
presumes an attack against a website or online service that has
your password, where that website has an authentication delay
mechanism which slows down the attack.

Unthrottled online attack - This scenario
presumes an attack against a website or online service that has
your password, where that website does not have any mechanism
to delay or limit authentication attempts.

Offline attack against the "slow" hash - This
scenario presumes that someone gained access to your password,
which was not stored in plain text but was "hashed",
and an attacker tries to break your password offline. Slow hash
means that the number of guesses an attacker can try per second is
lower (around 10,000 guesses per second) than if fast hashing was
used (around one billion to one trillion guesses per second).
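
As an added illustration (not Sana's scoring algorithm and not code from this page), the following Python example turns length, complexity, and unpredictability into a guess estimate and converts it to cracking time at the offline rates quoted above. The function names, the constructed `COMMON` list, the flat 32-symbol allowance for other characters, and the "half the search space" average are assumptions of this simplified model.

```python
import string

# Offline guess rates quoted on this page (guesses per second); the fast-hash
# range is represented by its two endpoints.
RATES = {"slow hash": 1e4, "fast hash, low": 1e9, "fast hash, high": 1e12}

# Constructed stand-in for a real common-password dictionary, most common first.
COMMON = ["123456", "password", "qwerty", "letmein", "welcome1"]

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Complexity: size of the alphabet an exhaustive search has to cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Assumption: any other character (space, non-ASCII) adds a flat 32 symbols.
    if any(all(c not in cls for cls in CLASSES) for c in password):
        size += 32
    return size


def estimate_guesses(password):
    """Guesses an attacker needs under this simplified model."""
    # Unpredictability: a dictionary hit is found at its rank, whatever its length.
    if password.lower() in COMMON:
        return COMMON.index(password.lower()) + 1
    # Length and complexity: on average half of charset**length is searched.
    return max(1, charset_size(password) ** len(password) // 2)


def seconds_to_crack(password):
    """Time to exhaust the estimated guesses at each offline rate."""
    guesses = estimate_guesses(password)
    return {name: guesses / rate for name, rate in RATES.items()}


def report(passwords):
    """Return printable lines comparing the passwords across the offline rates."""
    lines = []
    for pw in passwords:
        times = seconds_to_crack(pw)
        cells = ", ".join(f"{name}: {secs:.3g} s" for name, secs in times.items())
        lines.append(f"{pw!r}: {estimate_guesses(pw)} guesses -> {cells}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(["Password", "abcdefgh", "aB3!aB3!aB3!"])))
```

Running it shows that a dictionary password falls in a couple of guesses regardless of hash speed, while for other passwords the slow-hash rate multiplies cracking time by a factor of 100,000 or more compared with fast hashing.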

Password strength depends on different factors and is estimated
based on:
